​CyberArk 2017 (and beyond) Cyber Security Predictions

The integrity of information will be one of the biggest challenges global consumers, businesses and governments face in 2017, where information from previously venerated sources is no longer trusted. Cyber attacks won’t just focus on a specific company, they’ll be attacks on society designed to eliminate trust itself.

We’ve seen information used as a weapon and propaganda tool in the 2016 U.S. election cycle, but this will move to the next stage where information can no longer be trusted at all. Attackers aren’t just accessing information; they’re controlling the means to change information where it resides, and manipulating it to help accomplish their goals.

For example, consider how the emergence of tools that allow for greater manipulation of previously unquestioned content – like audio files – could lead to increased extortion attempts using information that may not be real, or grossly out of context. It will be easier than ever to piece together real information stolen in a breach with fabricated information to create an imbalance that will make it increasingly difficult for people to determine what’s real and what’s not.

2.Cloudy with a Chance of Cyber Attacks

Cloud infrastructure and the proliferation of cloud-based services have proven to be game changers for business. The benefits of the cloud have not gone unnoticed by the dark side either.

Much like how cyber attackers are channeling the power and insecurity of IoT devices to launch massive DDoS attacks on scales previously thought unachievable, attackers will increasingly use the cloud to ramp up production of attack tools.

With the addition of available computing power and agile development capabilities afforded by the cloud, we’ll see new attack tools that are exponentially stronger than previous iterations, we’ll see attacks that are stronger and more devastating, and ultimately, because attacks are raining from the cloud, attribution will become nearly impossible. This will also increase the agility of attackers – a strategic advantage that they currently hold over organisations.

The year 2016 was marked by tremendous progress in the field of artificial intelligence (AI) and subsets of the technology such as machine learning, machine intelligence, deep learning and more.

In the field of cyber security, hundreds of companies are working to incorporate AI and machine learning into their technologies to predict, prevent and defeat the next major cyber attack.

As we’ve seen with other technologies, as AI becomes commoditised, we can expect cyber attackers to take advantage of AI in a similar way as businesses. Much like 2016 saw the first massive IoT-driven botnet unleashed on the Internet, 2017 will be characterised by the first AI-driven cyber attack.

These attacks will be characterised by their ability to learn and get better as they evolve. Think about “spray and pay” ransomware attacks that get smarter, and more targeted about what information is held hostage, and what to charge for it. This will transform the “advanced attack” into the common place, and will drive a huge economic spike in the hacker underground. Attacks that were typically reserved for nation-states and criminal syndicates will now be available on a greater scale.

4. Data Privacy and Pricing Structures

The efforts on consumer data-conditioning are almost complete – consumers know that private information is a commodity they can trade for better service. We’re beginning to see this in the insurance market, where drivers are giving up driving habits, location, destinations and PII to get better rates.

We expect that more companies will take this approach with online data as well and use cyber security fears and concerns over privacy to drive pricing structures.

Consumers will increasingly be faced with a data conundrum – provide more personal information for basic service, or upgrade and spend more money on premium services that require less personal information and provide greater levels of security.

In parallel, small and midsize organisations that have been ‘priced out’ of adequate security options, particularly against threats like ransomware, may also be able to make trades for better protection. In the meantime, the emergence and greater adoption of automated security solutions will help close the gaps between available skills, budget and protection.

Unlike private business and government organisations, cyber criminals are not bound by IP, data privacy, budgets or other concerns. We expect to see hacktivists, nation-based attackers and cyber-criminals accelerate use of the tools used to learn from each other’s attacks – and identify defacto best practices to emulate them on broader scales.

Agile approaches to spur greater black hat collaboration will enable attackers to ‘improve upon’ existing malware and viruses like Stuxnet, Carbanak and most recently Shamoon, to unleash a new wave of threats.

These more dangerous attacks will put pressure – potentially regulatory or merger and acquisition related - on public and private organisations to step up collaboration and prioritise ways to incorporate intelligence gained from these attacks into new innovations meant to combat cyber threats and beat the attackers at their own game.

Solution Centres

Stories by John Worrall

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.